On February 19, 2026, the University of Mississippi Medical Center suffered a ransomware attack that disrupted operations across its entire network. Since then, UMMC officials have shared very little with the public. Questions about communications with the attackers and cybersecurity budget decisions remain unanswered.
What Happened at UMMC
The attack struck UMMC’s IT infrastructure hard. Electronic medical records, appointment systems, billing information, and internal communications all went offline. As a result, UMMC closed all clinic locations statewide. Outpatient surgeries, elective procedures, and imaging appointments were cancelled and rescheduled.
However, hospitals and emergency departments in Jackson, Grenada, Madison County, and Holmes County stayed open. Staff quickly activated downtime procedures — backup protocols typically used during planned maintenance — to keep care running without electronic systems.
UMMC’s Emergency Operations Activation
Within one hour of the attack, UMMC activated its emergency operations plan, as required by the Mississippi State Department of Health. The FBI and the Department of Homeland Security were also notified. Additionally, UMMC took down all network systems — including phone and email — as a precautionary measure. Risk assessments must be completed before any system is brought back online.
How Ransomware Attacks Work
Ransomware is a type of malicious software. Hackers use it to encrypt a victim’s files and then demand payment in exchange for the decryption key. They also threaten to delete or publish stolen data if payment is not made.
Healthcare systems are especially attractive targets. On the black market, a single patient record can be worth up to $1,000. Therefore, large hospital data breaches can be extremely profitable for attackers. The rise of AI tools has further lowered the barriers to entry for cybercriminals.
The Rise of Ransomware-as-a-Service
Groups like Qilin now offer “ransomware-as-a-service” platforms to affiliate hackers. In return, operators collect a share of every ransom paid. According to the Searchlight Ransomware H2 2025 report, 124 different ransomware groups were active last year. Of those, 73 were new to the landscape. The victim growth rate has doubled since 2024, reaching an all-time high.
UMMC’s Response and Communication
LouAnn Woodward, UMMC’s vice chancellor for health affairs and dean of the school of medicine, confirmed at a news conference that the attackers made contact. “The attackers have communicated to us and we are working with the authorities and specialists on next steps,” she said. Beyond that, no further details were provided.
A UMMC spokesperson declined to give The Mississippi Independent any additional information. This included details about communications with the hackers and whether cybersecurity budget changes contributed to the system’s vulnerability. The spokesperson directed the public to UMMC’s Facebook page for updates.
FBI and DHS Involvement
FBI Special Agent in Charge Robert Eikhoff stated at the press conference: “It is too early to communicate what we do and don’t know.” He added that both local and national resources were being mobilized to support UMMC and its vendors through the investigation and recovery process.
Learning From Alabama’s DCH Health Systems
A similar ransomware attack hit Alabama’s DCH Health Systems in October 2019. Officials there ultimately paid an undisclosed ransom to regain access to their systems. DCH spokesperson Brad Fisher confirmed the payment was made to expedite recovery and ensure patient safety. It remains unclear whether UMMC will take a similar approach.
State Officials Weigh In
State Rep. Fabian Nelson (D-Byram), a member of the House Technology Committee, told The Mississippi Independent that his committee is actively reviewing regulations and procedures to address new and emerging cyber threats. He praised UMMC’s transparent response and swift activation of safety protocols.
“By UMMC being a teaching institute, they know how to do it the old-school way without computers,” Nelson said. “I want people to rest assured that UMMC is handling this the best way they possibly can.”
Cyberattacks Are Inevitable, Says Nelson
Nelson acknowledged that cyberattacks of this nature are largely unavoidable. Hackers send attacks to thousands of entities simultaneously, then target whichever ones show vulnerabilities. “The way these hackers work, they’ll probably send these attacks out to hundreds of thousands of entities. When they find a loophole, that’s who they target,” he explained. Cybersecurity, he stressed, requires constant adaptation.
Healthcare Cybersecurity: A Growing Crisis
The UMMC attack is not an isolated incident. Between 2015 and 2025, reported hospital cyberattacks tripled in the United States. The number of impacted records has also grown dramatically. In April 2023, approximately 5.3 million records were compromised. By April 2024, that number jumped to 15.3 million.
Hospitals Are Underinvesting in Cybersecurity
Despite the increasing threat, many hospitals are spending less on cybersecurity. In 2023, 10% of hospitals spent 10% or more of their IT budgets on cybersecurity. By 2024, that figure dropped to 8%. Among for-profit hospitals specifically, the share declined from 22% to around 18% over the same period.
A 2024 Kroll report found that more than 26% of healthcare organizations lack a full complement of threat detection capabilities. Only 3% of healthcare institutions have cybersecurity features that go beyond basic monitoring. This gap leaves patient data dangerously exposed.
Mississippi Hospitals Have Been Hit Before
The attack on UMMC is the fourth to strike a Mississippi hospital system in three years. In 2023, both North Mississippi Health Services and OCH Regional Medical Center in Starkville suffered cyberattacks. Singing River Health System experienced a 2023 ransomware attack that exposed nearly one million individuals’ health records. Just two months before the UMMC attack, Singing River identified yet another potential cyberthreat.
Ransomware Threats Are Rising Nationwide
The Ascension Health ransomware attack of May 2024 serves as a stark warning. The St. Louis-based system, which operates hospitals in Alabama, did not realize the full scope of the breach until December 2024. In total, 5.6 million records were compromised — making it the third-largest healthcare data breach of that year, behind the Change Healthcare attack (100 million records) and the Kaiser Foundation breach (13.4 million records).
What Comes Next for UMMC
UMMC operates seven hospitals and 35 clinics statewide, serving more than 70,000 patients annually and employing over 10,000 staff members. Its annual budget sits at approximately $2 billion. However, the portion allocated specifically to cybersecurity remains undisclosed. IHL spokesperson John Sewell stated that UMMC has “fully invested in its cybersecurity” and will continue to do so through the recovery process.
For now, UMMC’s hospitals and emergency departments remain operational. The closure of outpatient clinics and the cancellation of non-emergency procedures continue until systems are restored and verified as secure. Updates are being posted to UMMC’s official Facebook page.
